[v3.0] cacti: multiple SQL injections (CVE-2015-4634)
CVE-2015-4634 was assigned for an SQL injection in cacti [0], but
according to
the commit fixing it [1] several other SQL injections were also found:
-bug#0002574: SQL Injection Vulnerabilitie in graph items and graph
template items
http://bugs.cacti.net/view.php?id=0002574
-bug#0002579: SQL Injection Vulnerabilitie in data sources
http://bugs.cacti.net/view.php?id=0002579
-bug#0002580: SQL Injection in cdef.php
http://bugs.cacti.net/view.php?id=0002580
-bug#0002582: SQL Injection in data_templates.php
http://bugs.cacti.net/view.php?id=0002582
-bug#0002583: SQL Injection in graph_templates.php
http://bugs.cacti.net/view.php?id=0002583
-bug#0002584: SQL Injection in host_templates.php
http://bugs.cacti.net/view.php?id=0002584
Reference:
http://seclists.org/oss-sec/2015/q3/150
(from redmine: issue id 4480, created on 2015-07-24, closed on 2015-07-31)
- Relations:
- parent #4478 (closed)
- Changesets:
- Revision 0c74063e by Natanael Copa on 2015-07-31T06:29:10Z:
main/cacti: security upgrade to 0.8.8f (CVE-2015-4634)
fixes #4480